American Cyber Security firm Domain Tools has recently warned that hackers are currently using hundreds of fake websites to mimic major UK banks in order to obtain personal information and the credentials of unsuspecting customers. Domain Tools is a threat intelligence and solutions firm which specializes in anti-phishing software and products. The company uses a database comprised of domain name, IP address, and WHOIS data to evaluate and authenticate different brands and their online presence.
The Seattle-based firm has identified approximately 300 websites being run by hackers who are using the popular hacking technique known as ‘Cybersquatting’ or‘Typosquatting’. Cybersquatting involves tricking the general public by variants of popular trademarked or websites. ‘Cyber Squatters’ register websites with names that are similar to famous brand names and websites. When end users land on these fake websites after entering in a typo they are unlikely to notice any difference and end up typing their credentials, passwords and personal information into these websites, resulting in massive compromises and breaches to their security.
Between March 27th and March 31st this year, Domain Tools monitored a large number of banks and retailers within the United Kingdom and discovered that there are 324 fake websites, which are posing as online outlets for famous banks; including Barclays, HSBC and Lloyds. The research concluded that currently within the United Kingdom there are 110 imitation websites running for HSBC, 22 for Lloyds, 74 for Barclays and 66 for NatWest.
However despite these seemingly worrying numbers produced in their report, Domain Tools assured that the majority of these fake websites are blacklisted under spam and phishing, which means that commonly used browsers such as Google Chrome and Mozilla Firefox are likely to block these websites, or at least warn users about the possible threats.
Domain Tools also reported that fake websites being disguised as popular UK banks could result in incidents of pay-per-click ad scams or even worse, ransomware attacks. Ransomware is computer malware that covertly installs itself onto a victim’s device. Hackers are then able to lock the device or blackmail the victim by asking them for ransom. According to a report by Verizon, ransomware attacks across the world had increased by up to 50 per cent during the year 2016.
Cybersquatting is however, just one component of a general hacking strategy known as phishing, which is perhaps the easiest and most straightforward of all the hacking techniques. It is for this reason that phishing is gaining a lot of popularity amongst hackers across the world. In a report published by the Anti-Phishing Working Group (APWG), there were over 1.22 million phishing attacks recorded in 2016, making that a huge 65 per cent increase in comparison to the year before.
Domain Tools’ Senior Security Researcher, Kyle Wilhoit made a statement advising companies to start monitoring for fake domain name registrations He stated that “It is much better to own your own typo domains than to leave them available to someone else.”
With the ever increasing presence of hackers online Internet users are extremely vulnerable and should be especially vigilant when they are opening or using their bank services online. The latest research by Domain Tools brings to light the serious and crucial threat that is happening to our data and privacy. The firm further provided some important tips on how to avoid phishing attacks. These tips included advising the general public to double check domain names for any extra or reversed letters (HBSC.com instead of HSBC.com as well as checking for singular and plural name versions of the companies or brands that they are typing into their web browsers (barclay.com instead of barclays.com).
Read more articles about Phishing here.